[apparmor] [patch 2/2] [2.8] mod_apparmor: for apache 2.4, use new access control hook
Seth Arnold
seth.arnold at canonical.com
Wed Jul 9 03:03:15 UTC 2014
On Tue, Jul 08, 2014 at 10:55:44AM -0700, Steve Beattie wrote:
> Use ap_hook_check_access_ex() instead of
> ap_hook_access_checker() for apache 2.4; see
> http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html#http_request
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Looks good to me, thanks.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> changehat/mod_apparmor/mod_apparmor.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> Index: b/changehat/mod_apparmor/mod_apparmor.c
> ===================================================================
> --- a/changehat/mod_apparmor/mod_apparmor.c
> +++ b/changehat/mod_apparmor/mod_apparmor.c
> @@ -355,7 +355,15 @@ register_hooks (apr_pool_t *p)
> {
> ap_hook_post_config (immunix_init, NULL, NULL, APR_HOOK_MIDDLE);
> ap_hook_child_init (immunix_child_init, NULL, NULL, APR_HOOK_MIDDLE);
> +
> +#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER < 3
> + /* Compatibility with apache 2.2 */
> ap_hook_access_checker(immunix_enter_hat, NULL, NULL, APR_HOOK_FIRST);
> +#else
> + /* apache 2.4 mod_authz hook */
> + ap_hook_check_access_ex(immunix_enter_hat, NULL, NULL, APR_HOOK_FIRST, AP_AUTH_INTERNAL_PER_CONF);
> +#endif
> +
> /* ap_hook_post_read_request(immunix_enter_hat, NULL, NULL, APR_HOOK_FIRST); */
> ap_hook_log_transaction(immunix_exit_hat, NULL, NULL, APR_HOOK_LAST);
> }
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140708/2132a6b9/attachment.pgp>
More information about the AppArmor
mailing list